Date: Wed, 10 Jun 2009 12:15:14 GMT From: Jonathan Anderson <jona@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 163981 for review Message-ID: <200906101215.n5ACFE4R048461@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=163981 Change 163981 by jona@jona-trustedbsd-belle-vm on 2009/06/10 12:14:24 user_angel can now handle multiple requests from multiple clients Affected files ... .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#4 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#8 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/main.c#3 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/make-main.sh#3 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.h#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.c#2 edit .. //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.h#2 edit Differences ... 
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/Makefile#4 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/cap_exec.c#8 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/main.c#3 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/cap_exec/make-main.sh#3 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/Makefile#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/cap.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.c#2 (text+ko) ====
@@ -119,7 +119,7 @@
 }
 else if(bytes == 0)
 {
- perror("Received 0 bytes");
+ fprintf(stderr, "Socket closed\n");
 return -1;
 }
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/fdcomm.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/protocol.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.c#2 (text+ko) ====
@@ -38,6 +38,7 @@
 #include <sys/socket.h>
 #include <sys/un.h>
+#include <errno.h>
 #include <fcntl.h>
 #include <stdlib.h>
 #include <stdio.h>
@@ -54,33 +55,69 @@
 int shutting_down = 0;
 char control_socket_name[256] = "";
+int *clients;
+int clientslen;
+int clientsmaxlen;
+
+
 void user_angel_server_shutdown(void)
 {
 shutting_down = 1;
 close(fd_control);
 unlink(control_socket_name);
+
+ fd_control = 0;
 }
 int handle_request(int client, enum user_angel_request req);
+int bind_to_path(const char *path);
+void accept_client(int fd_server);
+void service_clients(void);
 int run_server(const char* address)
 {
+ clientslen = 0;
+ clients = (int*) malloc (128 * sizeof(int));
+ clientsmaxlen = 128;
+
 strcpy(control_socket_name, address);
 printf("Creating control socket at %s...\n", control_socket_name);
+ fd_control = bind_to_path(control_socket_name);
+ if(fd_control < 0)
+ {
+ perror("Error binding control socket");
+ return -1;
+ }
+
+
+ while(fd_control)
+ {
+ accept_client(fd_control);
+ service_clients();
+ }
+
+ user_angel_server_shutdown();
+
+ return 0;
+}
+
+
+int bind_to_path(const char *path)
+{
 struct sockaddr_un addr;
 addr.sun_family = AF_UNIX;
 strcpy(addr.sun_path, control_socket_name);
- fd_control = socket(AF_UNIX, SOCK_STREAM, 0);
- if(fd_control == 0)
+ int fd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if(fd == 0)
 {
 if(shutting_down) return 0;
@@ -89,7 +126,8 @@
 return -1;
 }
- if(bind(fd_control, (struct sockaddr*) &addr, sizeof(struct sockaddr_un)))
+
+ if(bind(fd, (struct sockaddr*) &addr, sizeof(struct sockaddr_un)))
 {
 if(shutting_down) return 0;
@@ -99,7 +137,7 @@
 }
- if(listen(fd_control, 10))
+ if(listen(fd, 0))
 {
 if(shutting_down) return 0;
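Review bot: bind_to_path() in the @@ -54 hunk never uses its `path` parameter: it still copies the global `control_socket_name` into `addr.sun_path` with an unbounded `strcpy`, and run_server() fills that global from `address` the same way, so a socket path longer than either buffer overruns it. Copy from `path` behind a length check, e.g. `if(strlen(path) >= sizeof(addr.sun_path)) { errno = ENAMETOOLONG; return -1; }`, and bound the copy into the 256-byte global likewise. socket() signals failure with -1, so `if(fd == 0)` should be `if(fd < 0)`; for the same reason `fd_control = 0;` and `while(fd_control)` would be safer with -1 as the closed value, since 0 is a valid descriptor. The `malloc` result in run_server() is used unchecked, and the body of bind_to_path() continues beyond this hunk into the @@ -89 and @@ -99 hunks.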
@@ -109,45 +147,84 @@
 }
- for(int i = 0; i < 3; i++)
+ // non-blocking socket I/O
+ int flags = fcntl(fd, F_GETFL, 0);
+ if(flags < 0)
+ {
+ perror("Error getting flags for control socket");
+ return -1;
+ }
+
+ if(fcntl(fd, F_SETFL, flags | O_NONBLOCK))
+ {
+ perror("Error setting flags on control socket");
+ return -1;
+ }
+
+
+ return fd;
+}
+
+
+
+void accept_client(int fd_server)
+{
+ int client;
+ struct sockaddr_un clientaddr;
+ unsigned int clientaddrlen;
+
+ client = accept(fd_server, (struct sockaddr*) &clientaddr,
+ &clientaddrlen);
+
+ if(client < 0)
+ {
+ if(errno == EAGAIN) { usleep(1); return; }
+ if(shutting_down) return;
+
+ perror("Error accepting client");
+ return;
+ }
+
+ printf("Accepted client: FD %i\n", client);
+
+ clients[clientslen++] = client;
+
+ if(clientslen == clientsmaxlen)
 {
- int client;
- struct sockaddr_un clientaddr;
- unsigned int clientaddrlen;
+ int newsize = 2 * clientsmaxlen;
+ int *newclients = (int*) malloc(newsize * sizeof(int));
- client = accept(fd_control, (struct sockaddr*) &clientaddr, &clientaddrlen);
- if(client <= 0)
- {
- if(shutting_down) return 0;
+ memcpy(newclients, clients, clientslen * sizeof(int));
+ free(clients);
+ clients = newclients;
+ clientslen = newsize;
+ }
+}
- perror("Error accepting client");
- user_angel_server_shutdown();
- return -1;
- }
- printf("Accepted client: FD %i\n", client);
+void service_clients(void)
+{
+ enum user_angel_request req;
- enum user_angel_request req;
+ for(int i = 0; i < clientslen; i++)
+ {
+ int client = clients[i];
 int bytes = get_int_from(client, (int*) &req);
- if(bytes == 0) usleep(100);
- else if(bytes > 0)
+ if(bytes > 0)
 {
 if(handle_request(client, req)) perror("Error handling client request");
 }
+ else if((bytes == 0) && (errno == EAGAIN)) continue;
 else
 {
- if(shutting_down) return 0;
+ if(shutting_down) return;
- perror("Error recv()'ing from control pipe");
+ perror("Error recv()'ing from client");
 break;
 }
 }
-
- user_angel_server_shutdown();
-
- return 0;
 }
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/server.h#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/test_client.c#2 (text+ko) ====
@@ -31,8 +31,8 @@
 else if(pid == 0) return 0;
 // enter capability mode
- if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
- else printf("Now operating in capability mode\n");
+// if(cap_enter()) err(EX_SOFTWARE, "Failed to enter capability mode");
+// else printf("Now operating in capability mode\n");
@@ -43,7 +43,7 @@
 // make sure that we are, in fact, sandboxed
 if(open(path, O_RDONLY) < 0) printf("Sandbox is working\n");
- else err(EX_SOFTWARE, "Was able to open %s directly", path);
+ else fprintf(stderr, "Was able to open %s directly\n", path);
 // get the user angel to open the file for us
@@ -60,7 +60,29 @@
 // retrieve the file descriptor
 int fd = fd_recv(fd_control);
- printf("Got file descriptor %i\n", fd);
+ if(fd >= 0) printf("Got file descriptor %i\n", fd);
+ else { fprintf(stderr, "Error receiving descriptor\n"); return 1; }
+
+
+
+ path = "/etc/group";
+
+ // get the user angel to open the file for us
+ if(send(fd_control, &req, sizeof(int), 0) < 0)
+ err(EX_IOERR, "Error sending request type %i", req);
+
+ if(send(fd_control, &len, sizeof(int), 0) < 0)
+ err(EX_IOERR, "Error sending path length %i", len);
+
+ if(send(fd_control, path, len, 0) < 0)
+ err(EX_IOERR, "Error sending path '%s'", path);
+
+
+
+ // retrieve the file descriptor
+ fd = fd_recv(fd_control);
+ if(fd >= 0) printf("Got file descriptor %i\n", fd);
+ else { fprintf(stderr, "Error receiving descriptor\n"); return 1; }
 char buf[40];
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.c#2 (text+ko) ====
==== //depot/projects/trustedbsd/capabilities/src/tools/cap/user_angel/user_angel.h#2 (text+ko) ====
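Review bot: The growth branch at the end of accept_client() (server.c, @@ -109 hunk) stores the doubled size in `clientslen` instead of `clientsmaxlen`, so once the 128th client is accepted the count jumps to 256 over uninitialised slots, the capacity test never matches again, and the next `clients[clientslen++] = client;` writes past the allocation. The assignment should be `clientsmaxlen = newsize;`, with the `malloc` result checked before the `memcpy`. `clientaddrlen` is also handed to accept() uninitialised; declare it as `unsigned int clientaddrlen = sizeof(clientaddr);` (or `socklen_t`). In service_clients() a client whose read fails is neither closed nor removed from `clients`, and the `break` then skips every later client on each pass, so one disconnected peer can stall the rest. The hunk opens inside the tail of bind_to_path(), whose start is in the earlier hunks.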
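Review bot: Commenting out `cap_enter()` in test_client.c (@@ -31 hunk) means the client no longer enters capability mode, so the "make sure that we are, in fact, sandboxed" check in the @@ -43 hunk no longer verifies anything, and that hunk also downgrades its failure from `err()` to a plain `fprintf`, letting the test carry on after a successful direct open. If this is a temporary debugging aid (the reason is not visible here), put it behind a switch rather than dead code, and say so at the call site, e.g. `// XXX sandbox entry disabled for debugging; the open() check below is not enforced`. Otherwise a passing run of this client can be read as evidence that the sandbox works when it was never entered.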
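Review bot: The second request in test_client.c (@@ -60 hunk) sets `path = "/etc/group";` but sends the `len` left over from the first request, because nothing in the hunk updates it. Unless `len` is recomputed outside the visible lines, the angel receives the wrong length and `send(fd_control, path, len, 0)` can read past the end of the literal; add `len = strlen(path);` after the assignment, adjusted to whatever terminator convention the first request uses. The descriptor from the first request is overwritten by `fd = fd_recv(fd_control);` without a `close(fd)`. The three sends are a copy of the block above, so a small helper taking the path would keep the two requests from drifting apart.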